Data Protction Policy
Home
Contact Us
Directions
Indoor
Outdoor
Membership
Courses
Links

Redheath Archers Data Protection Policy Doc ID: RA-DPP-01 Version 1.0

www.redheatharchers.org.uk

Revision History

 Background

On 25th May 2018 the new European General Data Protection Regulation (GDPR) comes into force, governing the data privacy for all EU citizens. GDPR applies to all organisations that process personal data, including clubs such as Redheath Archers. The regulation is mandated and non compliance can result in heavy fines.

As a result, under this EU GDPR, every club member must be informed of the data that the club holds about them (personal data) and give permission for it to be used. Members also have the right to ask to see what data the club holds about them at any time.

The following therefore represents RedheathArchers club policy with respect to personal data and the impact of GDPR.

Our Data Protection Policy

The Data We Collect.

In order to carry out the activities of Redheath Archers ('the club') it is necessary to collect a small set of personal information about each club member. This personal information comprises of:

• Title, First and Last names
• Contact email address
• Contact telephone number(s)
• Physical address and postcode
• Date of Birth
• Parent/Guardian contact details (for Juniors)
• Important medical information provided to support healthcare/first aid needs.

Such details are collected via one or more of the following methods:
• Via direct email to the club contact email address.
• Via telephone enquiry
• Directly, in-person

The data collected shall be retained on paper membership forms or electronically on computer files.

It is the policy of the club that only the minimum amount of personal data needed shall be collected and stored.  The data required is such that it is possible to facilitate individuals membership of the club and of Archery-GB plus enable club members to participate in club related events such as competitions.

Personal Data (Special Category)

Where a member expressly requests that the club retain additional important information (eg about important medical conditions) then the club may also securely hold these details. Where this is the case then it is the members responsibility to ensure that their details as held by the club are kept up to date if as changes to information occur.

Data Transparency

The club shall be clear with all members about the personal data it collects and for what purpose. This shall be achieved via this policy document and other statements on membership forms. It is mandatory that every club member understands how their personal data is to be used and explicitly agrees to this. The default position in all cases is that agreement is not assumed.

In particular, these requirements shall be enforced at the time new members join the club and regularly thereafter at annual renewal, when each member shall be required to review and approve/sign to say that they accept the club policy before their annual renewal will be processed.

Data Security

The club shall at all times hold this data securely whether it be in the form of electronic data or in physical form such as paperwork.

Digital Data

Equipment used to access digital data is protected from malicious attacks via security software and personal data protected via the use of encryption methods. Data protection mechanisms are subject to annual reviews and update at least every 6 months. Additionally, for coaching activities the club coach may at times and with members permission, create training and coaching material in the form of photos and video files. These shall also be categorised as personal data and be held securely.

Data access

The club is committed to transparency in its approach to the management of member details and as a result will always be open with members about what data is held and how it is used.

Members’ Access to Data

Each club member shall have the right to review the personal data that the club holds on them and request changes to or deletion of, all the data that the club holds.

All such requests shall be serviced within a period of 30 calendar days.

 Third Party Access to Data

The club takes data privacy seriously and shall not share the personal details of any member with any third parties without the member's prior and express consent (via email or in writing).

Permission to share data with Archery GB shall normally be required and will be part of normal new member and renewal approvals.

Personal data held by the club may be shared with law enforcement agencies (e.g. police) if emended and subject to necessary authorisation.

Restrictions

• Club members shall not be given access to the personal data held by the club of other club members without prior written or emailed consent from the member who's details are to be shared.

• The club shall never hold on file, any member's bank details.

Personal Data Management Procedures

The club shall manage all personal data related activities via steps detailed in the club's personal data management procedures document [RA-DMP-01]. This document outlines key activities relating to the management of personal data and the events that trigger them. The personal data management procedures document shall be shared with any club member upon request. Such requests shall be serviced within a period of 30 calendar days.